Third Fine for Meta in 2022 Is One of Highest GDPR Penalties

Meta Platforms Inc. was hit with a $277 million fine for failing to prevent the leak of the personal data of more than half a billion users of its Facebook service. The Irish Data Protection Commission (DPC) levied the fine following a probe that found Meta had failed to apply the strict safeguards required under the General Data Protection Regulation (GDPR). On top of the fine, the third-biggest under the GDPR, the DPC ordered Meta’s Irish unit to ensure its processing complies with the law. The DPC opened its probe following revelations that “a collated dataset of Facebook personal data” had been published on the internet. Personal information on 533 million Facebook users worldwide reemerged on a hacker website last year, including their birthdates, phone numbers, locations and email addresses. The investigation looked into Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools with regard to Meta’s processing between May 2018 and September 2019. The social network previously said that the data was old and the problem had been fixed in 2019. This is the third fine the DPC has imposed on Meta this year, with the total reaching nearly $700 million.